redline | 8c61353f9b78524565c313e4b386b751 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c61353f9b78524565c313e4b386b751
Size

304KB
MD5

8c61353f9b78524565c313e4b386b751
SHA1

67440e45faf6f6775c63cfe62bcf40f79028c793
SHA256

b8ab5a5c3888eaf308526dabd3022788ff348ca6f9ef565daca366a676776758
SHA512

9dc401dbe14219ab646c0183c800be6453e59d42c1750c716e4d0750d67c3864115db2a98b7d3dcd4c6e7c125ee8e3ecad2895328f2a25143984ee4eb698be42
SSDEEP

6144:Sqem6KWineUqoY5D8RgyzWUr98tlt9DS0OR1D55/KFWGg6:Sdm6VbUSYoW+tj9W0k1dGg6

Score

10^/10

themida redline sectoprat

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c61353f9b78524565c313e4b386b751

Files

8c61353f9b78524565c313e4b386b751
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 247KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE